72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
Size

184KB
MD5

13a1041b8ffb352da6870c1df2c39315
SHA1

623e634fb5356723b2886e26d68eaf6b3a9bef0c
SHA256

72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282
SHA512

28042a71b9243cda0985c10809afcaf49ccd753c733f4465b25d8a68269ce806c493bf65d90b6142290a3b3986af8afe00ceb0bcb81d508f32a3574584af3952
SSDEEP

3072:O9OfyvoZsVQKdApVexp0tf2hVhlnniFWn9:O9jofGApPtehVhlnniFW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-44790.exeUnicorn-23384.exeUnicorn-3518.exeUnicorn-45989.exeUnicorn-30399.exeUnicorn-15454.exeUnicorn-50348.exeUnicorn-34566.exeUnicorn-58516.exeUnicorn-12008.exeUnicorn-27790.exeUnicorn-63752.exeUnicorn-48547.exeUnicorn-737.exeUnicorn-11598.exeUnicorn-9097.exeUnicorn-13181.exeUnicorn-17266.exeUnicorn-28126.exeUnicorn-37769.exeUnicorn-48630.exeUnicorn-41853.exeUnicorn-1012.exeUnicorn-31739.exeUnicorn-15957.exeUnicorn-48075.exeUnicorn-25325.exeUnicorn-36185.exeUnicorn-9543.exeUnicorn-60135.exeUnicorn-64219.exeUnicorn-17711.exeUnicorn-33768.exeUnicorn-20639.exeUnicorn-773.exeUnicorn-15485.exeUnicorn-61157.exeUnicorn-13025.exeUnicorn-14416.exeUnicorn-64172.exeUnicorn-1095.exeUnicorn-17240.exeUnicorn-48521.exeUnicorn-11209.exeUnicorn-11209.exeUnicorn-60965.exeUnicorn-19378.exeUnicorn-54188.exeUnicorn-54188.exeUnicorn-38406.exeUnicorn-58272.exeUnicorn-12880.exeUnicorn-14271.exeUnicorn-41660.exeUnicorn-16410.exeUnicorn-55304.exeUnicorn-25708.exeUnicorn-18932.exeUnicorn-62102.exeUnicorn-7426.exeUnicorn-46321.exeUnicorn-16986.exeUnicorn-47712.exeUnicorn-47712.exe

pid	process
1628	Unicorn-44790.exe
2900	Unicorn-23384.exe
2180	Unicorn-3518.exe
2728	Unicorn-45989.exe
2644	Unicorn-30399.exe
2776	Unicorn-15454.exe
2584	Unicorn-50348.exe
2944	Unicorn-34566.exe
1244	Unicorn-58516.exe
1216	Unicorn-12008.exe
1912	Unicorn-27790.exe
1820	Unicorn-63752.exe
1780	Unicorn-48547.exe
2620	Unicorn-737.exe
2292	Unicorn-11598.exe
2348	Unicorn-9097.exe
584	Unicorn-13181.exe
1240	Unicorn-17266.exe
580	Unicorn-28126.exe
1744	Unicorn-37769.exe
1900	Unicorn-48630.exe
268	Unicorn-41853.exe
792	Unicorn-1012.exe
2028	Unicorn-31739.exe
1000	Unicorn-15957.exe
3036	Unicorn-48075.exe
3040	Unicorn-25325.exe
2232	Unicorn-36185.exe
568	Unicorn-9543.exe
1612	Unicorn-60135.exe
2980	Unicorn-64219.exe
1600	Unicorn-17711.exe
2964	Unicorn-33768.exe
2928	Unicorn-20639.exe
2788	Unicorn-773.exe
2672	Unicorn-15485.exe
2704	Unicorn-61157.exe
1956	Unicorn-13025.exe
2564	Unicorn-14416.exe
2592	Unicorn-64172.exe
632	Unicorn-1095.exe
1088	Unicorn-17240.exe
2000	Unicorn-48521.exe
2004	Unicorn-11209.exe
1988	Unicorn-11209.exe
2176	Unicorn-60965.exe
2408	Unicorn-19378.exe
908	Unicorn-54188.exe
352	Unicorn-54188.exe
2828	Unicorn-38406.exe
2800	Unicorn-58272.exe
1652	Unicorn-12880.exe
1784	Unicorn-14271.exe
3016	Unicorn-41660.exe
1288	Unicorn-16410.exe
1496	Unicorn-55304.exe
880	Unicorn-25708.exe
2088	Unicorn-18932.exe
1748	Unicorn-62102.exe
2840	Unicorn-7426.exe
2920	Unicorn-46321.exe
856	Unicorn-16986.exe
3044	Unicorn-47712.exe
2556	Unicorn-47712.exe

Loads dropped DLL 64 IoCs

Processes:

72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exeUnicorn-44790.exeUnicorn-23384.exeUnicorn-3518.exeWerFault.exeUnicorn-45989.exeUnicorn-15454.exeUnicorn-30399.exeWerFault.exeWerFault.exeUnicorn-50348.exeUnicorn-58516.exeUnicorn-12008.exeUnicorn-34566.exeUnicorn-27790.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
1628	Unicorn-44790.exe
1628	Unicorn-44790.exe
2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
2900	Unicorn-23384.exe
2900	Unicorn-23384.exe
1628	Unicorn-44790.exe
1628	Unicorn-44790.exe
2180	Unicorn-3518.exe
2180	Unicorn-3518.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
3004	WerFault.exe
2728	Unicorn-45989.exe
2728	Unicorn-45989.exe
2900	Unicorn-23384.exe
2776	Unicorn-15454.exe
2644	Unicorn-30399.exe
2776	Unicorn-15454.exe
2900	Unicorn-23384.exe
2644	Unicorn-30399.exe
2180	Unicorn-3518.exe
2180	Unicorn-3518.exe
2220	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
2220	WerFault.exe
1932	WerFault.exe
1932	WerFault.exe
1932	WerFault.exe
1932	WerFault.exe
1932	WerFault.exe
2220	WerFault.exe
2584	Unicorn-50348.exe
2584	Unicorn-50348.exe
2728	Unicorn-45989.exe
2728	Unicorn-45989.exe
1244	Unicorn-58516.exe
1244	Unicorn-58516.exe
2776	Unicorn-15454.exe
2776	Unicorn-15454.exe
1216	Unicorn-12008.exe
1216	Unicorn-12008.exe
2944	Unicorn-34566.exe
2944	Unicorn-34566.exe
1912	Unicorn-27790.exe
1912	Unicorn-27790.exe
2644	Unicorn-30399.exe
2644	Unicorn-30399.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2624	2100	WerFault.exe	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
3004	1628	WerFault.exe	Unicorn-44790.exe
2220	2900	WerFault.exe	Unicorn-23384.exe
1932	2180	WerFault.exe	Unicorn-3518.exe
1524	2728	WerFault.exe	Unicorn-45989.exe
1132	2644	WerFault.exe	Unicorn-30399.exe
1616	2776	WerFault.exe	Unicorn-15454.exe
2152	2584	WerFault.exe	Unicorn-50348.exe
3056	1244	WerFault.exe	Unicorn-58516.exe
2732	1216	WerFault.exe	Unicorn-12008.exe
2720	2944	WerFault.exe	Unicorn-34566.exe
2636	1912	WerFault.exe	Unicorn-27790.exe
536	1820	WerFault.exe	Unicorn-63752.exe
780	1780	WerFault.exe	Unicorn-48547.exe
1096	2292	WerFault.exe	Unicorn-11598.exe
2496	2620	WerFault.exe	Unicorn-737.exe
2272	2348	WerFault.exe	Unicorn-9097.exe
1764	584	WerFault.exe	Unicorn-13181.exe
960	580	WerFault.exe	Unicorn-28126.exe
2032	1240	WerFault.exe	Unicorn-17266.exe
2344	1744	WerFault.exe	Unicorn-37769.exe
2304	1900	WerFault.exe	Unicorn-48630.exe
2128	268	WerFault.exe	Unicorn-41853.exe
2976	2028	WerFault.exe	Unicorn-31739.exe
2296	1000	WerFault.exe	Unicorn-15957.exe
1564	3036	WerFault.exe	Unicorn-48075.exe
2996	3040	WerFault.exe	Unicorn-25325.exe
2844	2232	WerFault.exe	Unicorn-36185.exe
2552	568	WerFault.exe	Unicorn-9543.exe
632	1612	WerFault.exe	Unicorn-60135.exe
2208	2980	WerFault.exe	Unicorn-64219.exe
1180	1600	WerFault.exe	Unicorn-17711.exe
2956	2964	WerFault.exe	Unicorn-33768.exe
3120	2788	WerFault.exe	Unicorn-773.exe
3140	2928	WerFault.exe	Unicorn-20639.exe
3172	2672	WerFault.exe	Unicorn-15485.exe
3180	2564	WerFault.exe	Unicorn-14416.exe
3220	2000	WerFault.exe	Unicorn-48521.exe
3228	2704	WerFault.exe	Unicorn-61157.exe
3296	2004	WerFault.exe	Unicorn-11209.exe
3352	1988	WerFault.exe	Unicorn-11209.exe
3392	2176	WerFault.exe	Unicorn-60965.exe
3416	2800	WerFault.exe	Unicorn-58272.exe
3804	1956	WerFault.exe	Unicorn-13025.exe
3764	1652	WerFault.exe	Unicorn-12880.exe
3956	352	WerFault.exe	Unicorn-54188.exe
3076	1088	WerFault.exe	Unicorn-17240.exe
3132	2836	WerFault.exe	Unicorn-51796.exe
3384	2592	WerFault.exe	Unicorn-64172.exe
3432	856	WerFault.exe	Unicorn-16986.exe
3464	2408	WerFault.exe	Unicorn-19378.exe
3504	2332	WerFault.exe	Unicorn-49466.exe
3736	1860	WerFault.exe	Unicorn-6954.exe
3784	2828	WerFault.exe	Unicorn-38406.exe
3820	2616	WerFault.exe	Unicorn-42044.exe
3864	908	WerFault.exe	Unicorn-54188.exe
3992	2284	WerFault.exe	Unicorn-18740.exe
3760	1748	WerFault.exe	Unicorn-62102.exe
3100	1772	WerFault.exe	Unicorn-8324.exe
4252	3048	WerFault.exe	Unicorn-11593.exe
4272	1288	WerFault.exe	Unicorn-16410.exe
4348	696	WerFault.exe	Unicorn-58656.exe
4468	2952	WerFault.exe	Unicorn-10462.exe
4488	1784	WerFault.exe	Unicorn-14271.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exeUnicorn-44790.exeUnicorn-23384.exeUnicorn-3518.exeUnicorn-45989.exeUnicorn-30399.exeUnicorn-15454.exeUnicorn-50348.exeUnicorn-58516.exeUnicorn-34566.exeUnicorn-27790.exeUnicorn-12008.exeUnicorn-63752.exeUnicorn-48547.exeUnicorn-737.exeUnicorn-11598.exeUnicorn-13181.exeUnicorn-9097.exeUnicorn-17266.exeUnicorn-28126.exeUnicorn-37769.exeUnicorn-48630.exeUnicorn-41853.exeUnicorn-31739.exeUnicorn-15957.exeUnicorn-48075.exeUnicorn-25325.exeUnicorn-36185.exeUnicorn-9543.exeUnicorn-60135.exeUnicorn-17711.exeUnicorn-33768.exeUnicorn-20639.exeUnicorn-773.exeUnicorn-61157.exeUnicorn-15485.exeUnicorn-13025.exeUnicorn-14416.exeUnicorn-64172.exeUnicorn-17240.exeUnicorn-48521.exeUnicorn-11209.exeUnicorn-60965.exeUnicorn-11209.exeUnicorn-19378.exeUnicorn-54188.exeUnicorn-54188.exeUnicorn-58272.exeUnicorn-38406.exeUnicorn-12880.exeUnicorn-14271.exeUnicorn-41660.exeUnicorn-16410.exeUnicorn-55304.exeUnicorn-25708.exeUnicorn-18932.exeUnicorn-62102.exeUnicorn-7426.exeUnicorn-46321.exeUnicorn-51796.exeUnicorn-47712.exeUnicorn-16986.exeUnicorn-47712.exeUnicorn-39906.exe

pid	process
2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
1628	Unicorn-44790.exe
2900	Unicorn-23384.exe
2180	Unicorn-3518.exe
2728	Unicorn-45989.exe
2644	Unicorn-30399.exe
2776	Unicorn-15454.exe
2584	Unicorn-50348.exe
1244	Unicorn-58516.exe
2944	Unicorn-34566.exe
1912	Unicorn-27790.exe
1216	Unicorn-12008.exe
1820	Unicorn-63752.exe
1780	Unicorn-48547.exe
2620	Unicorn-737.exe
2292	Unicorn-11598.exe
584	Unicorn-13181.exe
2348	Unicorn-9097.exe
1240	Unicorn-17266.exe
580	Unicorn-28126.exe
1744	Unicorn-37769.exe
1900	Unicorn-48630.exe
268	Unicorn-41853.exe
2028	Unicorn-31739.exe
1000	Unicorn-15957.exe
3036	Unicorn-48075.exe
3040	Unicorn-25325.exe
2232	Unicorn-36185.exe
568	Unicorn-9543.exe
1612	Unicorn-60135.exe
1600	Unicorn-17711.exe
2964	Unicorn-33768.exe
2928	Unicorn-20639.exe
2788	Unicorn-773.exe
2704	Unicorn-61157.exe
2672	Unicorn-15485.exe
1956	Unicorn-13025.exe
2564	Unicorn-14416.exe
2592	Unicorn-64172.exe
1088	Unicorn-17240.exe
2000	Unicorn-48521.exe
2004	Unicorn-11209.exe
2176	Unicorn-60965.exe
1988	Unicorn-11209.exe
2408	Unicorn-19378.exe
908	Unicorn-54188.exe
352	Unicorn-54188.exe
2800	Unicorn-58272.exe
2828	Unicorn-38406.exe
1652	Unicorn-12880.exe
1784	Unicorn-14271.exe
3016	Unicorn-41660.exe
1288	Unicorn-16410.exe
1496	Unicorn-55304.exe
880	Unicorn-25708.exe
2088	Unicorn-18932.exe
1748	Unicorn-62102.exe
2840	Unicorn-7426.exe
2920	Unicorn-46321.exe
2836	Unicorn-51796.exe
3044	Unicorn-47712.exe
856	Unicorn-16986.exe
2556	Unicorn-47712.exe
2524	Unicorn-39906.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exeUnicorn-44790.exeUnicorn-23384.exeUnicorn-3518.exeUnicorn-45989.exeUnicorn-15454.exeUnicorn-30399.exeUnicorn-50348.exe

description	pid	process	target process
PID 2100 wrote to memory of 1628	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-44790.exe
PID 2100 wrote to memory of 1628	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-44790.exe
PID 2100 wrote to memory of 1628	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-44790.exe
PID 2100 wrote to memory of 1628	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-44790.exe
PID 1628 wrote to memory of 2900	1628	Unicorn-44790.exe	Unicorn-23384.exe
PID 1628 wrote to memory of 2900	1628	Unicorn-44790.exe	Unicorn-23384.exe
PID 1628 wrote to memory of 2900	1628	Unicorn-44790.exe	Unicorn-23384.exe
PID 1628 wrote to memory of 2900	1628	Unicorn-44790.exe	Unicorn-23384.exe
PID 2100 wrote to memory of 2180	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-3518.exe
PID 2100 wrote to memory of 2180	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-3518.exe
PID 2100 wrote to memory of 2180	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-3518.exe
PID 2100 wrote to memory of 2180	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	Unicorn-3518.exe
PID 2100 wrote to memory of 2624	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	WerFault.exe
PID 2100 wrote to memory of 2624	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	WerFault.exe
PID 2100 wrote to memory of 2624	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	WerFault.exe
PID 2100 wrote to memory of 2624	2100	72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe	WerFault.exe
PID 2900 wrote to memory of 2728	2900	Unicorn-23384.exe	Unicorn-45989.exe
PID 2900 wrote to memory of 2728	2900	Unicorn-23384.exe	Unicorn-45989.exe
PID 2900 wrote to memory of 2728	2900	Unicorn-23384.exe	Unicorn-45989.exe
PID 2900 wrote to memory of 2728	2900	Unicorn-23384.exe	Unicorn-45989.exe
PID 1628 wrote to memory of 2644	1628	Unicorn-44790.exe	Unicorn-30399.exe
PID 1628 wrote to memory of 2644	1628	Unicorn-44790.exe	Unicorn-30399.exe
PID 1628 wrote to memory of 2644	1628	Unicorn-44790.exe	Unicorn-30399.exe
PID 1628 wrote to memory of 2644	1628	Unicorn-44790.exe	Unicorn-30399.exe
PID 2180 wrote to memory of 2776	2180	Unicorn-3518.exe	Unicorn-15454.exe
PID 2180 wrote to memory of 2776	2180	Unicorn-3518.exe	Unicorn-15454.exe
PID 2180 wrote to memory of 2776	2180	Unicorn-3518.exe	Unicorn-15454.exe
PID 2180 wrote to memory of 2776	2180	Unicorn-3518.exe	Unicorn-15454.exe
PID 1628 wrote to memory of 3004	1628	Unicorn-44790.exe	WerFault.exe
PID 1628 wrote to memory of 3004	1628	Unicorn-44790.exe	WerFault.exe
PID 1628 wrote to memory of 3004	1628	Unicorn-44790.exe	WerFault.exe
PID 1628 wrote to memory of 3004	1628	Unicorn-44790.exe	WerFault.exe
PID 2728 wrote to memory of 2584	2728	Unicorn-45989.exe	Unicorn-50348.exe
PID 2728 wrote to memory of 2584	2728	Unicorn-45989.exe	Unicorn-50348.exe
PID 2728 wrote to memory of 2584	2728	Unicorn-45989.exe	Unicorn-50348.exe
PID 2728 wrote to memory of 2584	2728	Unicorn-45989.exe	Unicorn-50348.exe
PID 2776 wrote to memory of 1244	2776	Unicorn-15454.exe	Unicorn-58516.exe
PID 2776 wrote to memory of 1244	2776	Unicorn-15454.exe	Unicorn-58516.exe
PID 2776 wrote to memory of 1244	2776	Unicorn-15454.exe	Unicorn-58516.exe
PID 2776 wrote to memory of 1244	2776	Unicorn-15454.exe	Unicorn-58516.exe
PID 2900 wrote to memory of 2944	2900	Unicorn-23384.exe	Unicorn-34566.exe
PID 2900 wrote to memory of 2944	2900	Unicorn-23384.exe	Unicorn-34566.exe
PID 2900 wrote to memory of 2944	2900	Unicorn-23384.exe	Unicorn-34566.exe
PID 2900 wrote to memory of 2944	2900	Unicorn-23384.exe	Unicorn-34566.exe
PID 2644 wrote to memory of 1912	2644	Unicorn-30399.exe	Unicorn-27790.exe
PID 2644 wrote to memory of 1912	2644	Unicorn-30399.exe	Unicorn-27790.exe
PID 2644 wrote to memory of 1912	2644	Unicorn-30399.exe	Unicorn-27790.exe
PID 2644 wrote to memory of 1912	2644	Unicorn-30399.exe	Unicorn-27790.exe
PID 2180 wrote to memory of 1216	2180	Unicorn-3518.exe	Unicorn-12008.exe
PID 2180 wrote to memory of 1216	2180	Unicorn-3518.exe	Unicorn-12008.exe
PID 2180 wrote to memory of 1216	2180	Unicorn-3518.exe	Unicorn-12008.exe
PID 2180 wrote to memory of 1216	2180	Unicorn-3518.exe	Unicorn-12008.exe
PID 2900 wrote to memory of 2220	2900	Unicorn-23384.exe	WerFault.exe
PID 2900 wrote to memory of 2220	2900	Unicorn-23384.exe	WerFault.exe
PID 2900 wrote to memory of 2220	2900	Unicorn-23384.exe	WerFault.exe
PID 2900 wrote to memory of 2220	2900	Unicorn-23384.exe	WerFault.exe
PID 2180 wrote to memory of 1932	2180	Unicorn-3518.exe	WerFault.exe
PID 2180 wrote to memory of 1932	2180	Unicorn-3518.exe	WerFault.exe
PID 2180 wrote to memory of 1932	2180	Unicorn-3518.exe	WerFault.exe
PID 2180 wrote to memory of 1932	2180	Unicorn-3518.exe	WerFault.exe
PID 2584 wrote to memory of 1820	2584	Unicorn-50348.exe	Unicorn-63752.exe
PID 2584 wrote to memory of 1820	2584	Unicorn-50348.exe	Unicorn-63752.exe
PID 2584 wrote to memory of 1820	2584	Unicorn-50348.exe	Unicorn-63752.exe
PID 2584 wrote to memory of 1820	2584	Unicorn-50348.exe	Unicorn-63752.exe

C:\Users\Admin\AppData\Local\Temp\72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe
"C:\Users\Admin\AppData\Local\Temp\72630397dee4d84b8658a893aaf26cee0d3278d2c739722cd178779952c38282.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
10⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
11⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
12⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
13⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
14⤵
PID:10220

C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
15⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 236
15⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
14⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
13⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
12⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
11⤵
- Program crash
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
10⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
11⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
12⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
13⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
14⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 216
14⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
13⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
12⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
11⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
10⤵
- Program crash
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
9⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
10⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
11⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
12⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
13⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
14⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 220
14⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 220
13⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
11⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
10⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
9⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
9⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
10⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
11⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
13⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
14⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 220
14⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
13⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
12⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
11⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
12⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
13⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
12⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
10⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
9⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
8⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
9⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
11⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
12⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
13⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
14⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
14⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
13⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
12⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
10⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
12⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
13⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
13⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
9⤵
- Program crash
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
8⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-47686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47686.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
11⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
12⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
13⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
10⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
9⤵
- Program crash
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
8⤵
- Program crash
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
7⤵
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
9⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
10⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
11⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
12⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
13⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
14⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
14⤵
PID:13436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
13⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
12⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
11⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
10⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
11⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
12⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
13⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 236
12⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
12⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
13⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 220
12⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
8⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
8⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
11⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
12⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
13⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 220
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
11⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
10⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
11⤵
PID:10320

C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
12⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 216
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
11⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
8⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
7⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
6⤵
- Program crash
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
9⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
11⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
12⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
13⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
14⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 220
14⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 220
13⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
11⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
12⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
13⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 220
13⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
11⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
12⤵
PID:10608

C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
13⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 216
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
12⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
11⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
9⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
8⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
8⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
10⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
11⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
12⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exe
13⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
13⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
12⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
11⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
10⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
11⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
12⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
12⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 220
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
8⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
7⤵
- Program crash
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
8⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
11⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
12⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
13⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
12⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
10⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
11⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 236
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 220
9⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
7⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
10⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
11⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 236
12⤵
PID:13708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 220
11⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 236
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
8⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
6⤵
- Program crash
PID:780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
9⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
11⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
12⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
13⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
14⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 220
14⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
13⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
12⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
11⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
10⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
11⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
12⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
13⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
13⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 220
12⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
8⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
11⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
12⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
13⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
9⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
8⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
8⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11993.exe
10⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
11⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
12⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\Unicorn-32106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32106.exe
13⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11096 -s 216
13⤵
PID:13352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
11⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8293.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
10⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
11⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
12⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
12⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
11⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
10⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
8⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
7⤵
- Program crash
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
7⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
8⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
12⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 236
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
10⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
9⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
8⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
7⤵
- Program crash
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
6⤵
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
7⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
8⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 200
9⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
9⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
10⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
11⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 236
10⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
6⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
10⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
12⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
10⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
7⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
8⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
9⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
10⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
11⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 236
10⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
9⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
8⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
7⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
6⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
5⤵
- Program crash
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30399.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
6⤵
- Executes dropped EXE
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
9⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
10⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
11⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
12⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
13⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
12⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
10⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
9⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
8⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10618.exe
10⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
11⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
12⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
11⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
8⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
7⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
8⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19057.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
12⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-57302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57302.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
12⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
13⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
13⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
11⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-52009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52009.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
11⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
12⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 220
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220
8⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
8⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
9⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
10⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
11⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
11⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
9⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
8⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 220
7⤵
- Program crash
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
6⤵
- Program crash
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
8⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24625.exe
10⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
11⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
12⤵
PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
12⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 236
11⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
8⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
11⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 236
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
8⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
6⤵
- Program crash
PID:1180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
5⤵
- Program crash
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5200.exe
8⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
12⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
13⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 236
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
10⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
11⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
12⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
11⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
8⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
7⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
9⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
10⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
11⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 236
10⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
7⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42044.exe
6⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
7⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
9⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
10⤵
PID:8472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 236
10⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
9⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
7⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
5⤵
- Program crash
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14416.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
9⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
10⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
11⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
12⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
13⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
12⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
11⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
11⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
12⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
13⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
13⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
12⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
9⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
9⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
11⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
12⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
13⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
13⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
12⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
10⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
9⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
11⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
12⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
13⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
13⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
11⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
10⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
11⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
12⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 236
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
8⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
7⤵
- Program crash
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
7⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
8⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
9⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 228
10⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
9⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
7⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-24993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24993.exe
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
9⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
10⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
11⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 236
10⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
9⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
8⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
6⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
6⤵
- Executes dropped EXE
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
7⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
8⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
10⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
12⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
13⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
13⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
12⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21475.exe
10⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
11⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 220
12⤵
PID:13316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
8⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-38916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38916.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
10⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
11⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 216
12⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
11⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
7⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
6⤵
- Program crash
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
5⤵
- Program crash
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1012.exe
5⤵
- Executes dropped EXE
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
9⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
10⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
9⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 216
7⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
6⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
7⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
8⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
9⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
10⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 236
10⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
9⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
8⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
7⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 220
6⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
5⤵
- Program crash
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
8⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
10⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
11⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
12⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
13⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
13⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
12⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
11⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
10⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
11⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
10⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
8⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
7⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
9⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
11⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 236
10⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
9⤵
PID:316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
8⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 220
7⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
7⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
9⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
10⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61127.exe
11⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
12⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
12⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
8⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
8⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-23229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23229.exe
9⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-8034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8034.exe
10⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 220
11⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
10⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
9⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-11593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11593.exe
6⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
9⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
10⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
11⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
11⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
10⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
9⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
7⤵
- Program crash
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
6⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
5⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
6⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
7⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
9⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
10⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
11⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
10⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
9⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
8⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
7⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
6⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
5⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
6⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
7⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
8⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
9⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
10⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
9⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
8⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
7⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
6⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
5⤵
- Program crash
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
4⤵
- Program crash
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
2⤵
- Program crash
PID:2624

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
Filesize
184KB

MD5
4101db52e9819cc3eb26e2784eb05bfc

SHA1
e534ab0316b6888cbb417f54c6b222b9425abbf8

SHA256
3888da2fc977bfd7ebb0e3f59dc958c515622093a086adfcbe628aa729599423

SHA512
1e7f499c253efc2d64b277508e77fd5440579f19d74dc6bf136f4b0d93e89758e5753c2e458c0a427802b59cf8ee5a8ce4e9f6991c9f90aa29da26f626a3576c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
Filesize
184KB

MD5
7b0bbeccd7546caaa960b698473fd7bb

SHA1
8d79489bfd064020b4408c4d46f7a823217d2603

SHA256
aa2338f34b8725b5cfe60d357ae812f2e966536af330e7d05469c5aeed070fd5

SHA512
bb884d90cf2d27ee0faf420c30463805e04115e75d2347626785fa1e5b397dbba456a0c07419dc892823c9af067ba62de0a2b6762c4f4311b44958c78474d847

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
Filesize
184KB

MD5
6d404d0e6d401c6e24bc3cf8cbd0a1e6

SHA1
be92268e82afe3eecb55a97411c3a2ef3fec4138

SHA256
7b52a143b2e09e09ca85a91c885f1a9b34adc2371daaab6712dad82dc703c35e

SHA512
97c523aeedc876832c34ad2899467aa21207df71104be7ac0601bb8bf44ef883fa7d2d756031ef95aee0ceb35afdae40965d8b082284001c6eca57f397bea7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
Filesize
184KB

MD5
d34f7951f096cbba6275bb5a73abb98a

SHA1
1579d83b5d11be2ef46898ac2afe0698f1e19da5

SHA256
8d0b779517c8436f38d1dc8bdc6fbbfa466ca909d504d3ddb1ac084eca27e83d

SHA512
5ce89762c99a73c5ab4671dabee834dd86890026fee83ca4c39ecad01bdb149faa9a0b261fd98786f5d72cd0f7452e17d06243704afba3acd893d9406a7dbb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
Filesize
184KB

MD5
b8ec4fa0f9dacd1ae2c879a71ff24569

SHA1
1fb28982a2911f7df6c28c068646ab5c772feff9

SHA256
c7b8d666a6b6710e5234e27b932838503b97af11095a78cbf9c1b1c23bd5b9c7

SHA512
432382b9319a1aa2840e3679fda99cbd622e4a7da10fc44d784e78c12e2ba44fa5896ba9c146300637b6b44901488cd074ab0b68d8b608cc1a35ebe5ecd160a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
Filesize
184KB

MD5
48578bc0ed3caa81824fe7a719b7f26c

SHA1
6eca5e80f223b7bd14fe29ebff67cf9d8f0862cd

SHA256
b04557c7d97c893cbf348b5dbea7520a71e5143bb8a6aa0a21f028d2c826a25a

SHA512
be9ee677ad576a0158928e0af7af0f63db3f47ceb76f559ee3a34f988e3eb15f785052f41e8e4a70a9f4bd2ce680024e88da34a640ccc573d4111f38d500fb13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
Filesize
184KB

MD5
e8fd16ae1bb67f2f9b26961039f57fc3

SHA1
15856362d558f9a0a7b7e54381b77d0f420c5de1

SHA256
0f26c5002ecd4ea792e3f5a0d05bc8607180a2117d0d930269f4b7f493a44861

SHA512
1515870181de1bdc8e1bf49c0e532d7dbd79deabe0cde62ebf17801e14dc6bff1e786c5a7824aced88f2103b33aa7fba6f50f82afab22e9005069443a64aa086

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
Filesize
184KB

MD5
e98774d936f3eee0b3f569ed7f565fd4

SHA1
cdf156963decaf78eb75f269e0189030b1eca261

SHA256
9e505301b5994d64f9f5e3ed5d73153c392ca392c69e8787834cbdfe815092b4

SHA512
6447cb5319b609c58ae374975583e6569e00e92e7b5505564f1ea9e768ba578899933a4e2dc94d090b6f164e15770d2aca5b55b5e250cc54fd146cad52a91a50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
Filesize
184KB

MD5
ca4ba47a53768471cc25c81c4bd9fb2e

SHA1
402b5c031b482139dc2ad4ea02b8ea394727675b

SHA256
0b470e836f9952dcf94efbb628fecf05ee468d3a3517ac4c2f14bf74c01280a4

SHA512
5cef86c493c6e9f4737ab4f27f3448da5761d034d2bec7e61a7001935936a2e9113901558ad71dc8f5d1617a4855243ebe35a4477243cde41bd0aaabe0aceee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
Filesize
184KB

MD5
ff8f2e0fea9a215420ab723542aa27a5

SHA1
cb200269ce4a9186029dea645e06d95eed6c2ffd

SHA256
34a4ff6afc29eb9d291d981eda461c59e6105adbbc3a619847a0b0f445837067

SHA512
69dc96e373352fe3997bfef02e49a5ec4b96aa07f422526bc4a0c8ce2721ebefce2b072355d0b429bf7779f7c2ef1d23237bed75fce1e5fd3cc32a4a92450140

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
Filesize
184KB

MD5
0796b2520dd99d7c3d110b84ab4c6f9b

SHA1
42c0233a0bc0615785da7166d84a933569050f51

SHA256
9cbdd71d9bb0b3c57b2883d1c0ebff4803d24418a6f908e84ec73ff3a302ee39

SHA512
175ee789a53b817cb7ebfbe765f04b258a4a9eb1e47be01ceb783e2c60d394322b2e2d2e5d6375345b2f7a1f7b423a20884ec6dae268950d75c1956ffba70fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
Filesize
184KB

MD5
8da3dbcccd568dddf9fb83ce47c834ec

SHA1
482543f2deb9795da240b134ee081662e5b51526

SHA256
5154e3da018b8f83b0be6adac8148d7052a1e8a50c3a4c504298e0c15550e052

SHA512
d8d96f9b2566b323e1ca0da896f4e17698246cf54173eab257e7991b8ba0b97faef384c9f4c58e86c51d9feb0a77b29356b49065eac713bb98c7a52bd6c1584e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
Filesize
184KB

MD5
023955f90a1aa27018462ca8a359c706

SHA1
438b8162fe70782466f0bdd9fe0a68415254ab4a

SHA256
265378ba57bd558ce27c8214b7eed17c469f910feb3005eebb796b2dc4e73680

SHA512
9239c0b89229693058b123b6359dd9cef94898e121e4bcac074b78f89189655e8b8bf46bb321c355512758791bbb2d9b5ab99ce55bc7ca44900a21b465668321

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
Filesize
184KB

MD5
8b37e940208b2cb5340744df8b81c1fc

SHA1
ae52f3d25c5e22bc5ac62c9a86256430f4fdbb5b

SHA256
bee0e6d2fa95731834142b45cbc5304afdecc8052e4e23a87153e17cb667752b

SHA512
9e3f9f266afc94cea5393fe606c300b84e46f0c63245a51efd4b081f1e15b746f97665508228d7624fcf49e89680b6e574c9b1418e158c441a2a2e06052a7c09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30399.exe
Filesize
184KB

MD5
95a6f1b7dc2536399b886fbca46ba649

SHA1
afe305396980ee0a991afa98f79696912bb8e4fb

SHA256
82b6f4e909cccc93557001c4fa7d7a597bf57ca2274b7e9e859673cf79733308

SHA512
efb7debeb69ad0302bb099b039c781c6e83a9f8cf2e490a902fbca2fec7708561703d654980b79105e3cf83428c5dc110075383793dfbce58756c563215f9f41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
Filesize
184KB

MD5
fddd2e7b709e23fd1d15318bdf7a06ad

SHA1
9b0cf4ce136dc954921b6efe605bf2de08178f04

SHA256
27bfef77c77cff4be450caae0b923233d04d3f8c9c75bb47839ac8cec9a614a1

SHA512
4e07f1bb32ea63dae9874969ad202f9104772cfbe9616d0e2393394abdac1068f9b145631232334db64e3db30d59a59a449bf786dbd25f9d0b4a0cbf144b893b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
Filesize
184KB

MD5
220db2ba2e1c659650282bb1fc543394

SHA1
54fd23c788aa2633acde1032b0fa42709de64069

SHA256
df21d12ac7094e63c861e476854a45fa157a7213dd646d451009597229bbc625

SHA512
307b107f0edc3eec0ce567678c106799eebdf63bd92a366a10844b75d5bfc0f75e06342b29d3a466343994fd40856db47c53448a5e9829f087c2a39fbf6e3331

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
Filesize
184KB

MD5
08300d428097d40b5e004cb6ae4a7945

SHA1
a92b4076e3175454406ef4f0b354a11d76588369

SHA256
a2a5ecd8820ef0334504cd8081323230f579cadac56b7eeb43a7315c815108e5

SHA512
582da3d0966391331866ad23cd3f666f2befc6b627247a6bc5b61f3a6d0a756b5e7432e13c3f9e9dd1b50f31eab73f0c17b97d56e7ddd37d87a29a3cf33c7f75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
Filesize
184KB

MD5
aef3ce07af21578ee7d7c46b49ba1d29

SHA1
625a9996ae7df9fdcaaaeead776ddadf6247ea3b

SHA256
eacd43a797f62076a87918875e3957a6f67c5e16b8c53b67b0dd4076584a866d

SHA512
7061eb591561ada87cf550e5cb4829179de3a6c57e1f2b9c68b02cfe72bffd16d383bc9e82f08530e61b8057a8cf7b071702136537d114225676494aed4d9f31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
Filesize
184KB

MD5
9ca122f0e3f849f18afbe60054295a7f

SHA1
fd7fd8edd49233d3dc07a89d6ba3f70df3a52101

SHA256
68b31c00fe43533175783175b9a032681f31617a67fd30a01bc1374113a71060

SHA512
15df9b0712bf2728d85d3de9aebe91f81eb198f4cbe08f32456c40e47996fb328db8934f8e9f140e87875d7265719267461db97a814aba9fa551356dbca13b24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
Filesize
184KB

MD5
bb461cd27318f5b5ed3e6022ea129097

SHA1
6129249d1bd1ee53497849b3719c26394a080a07

SHA256
e8bb71be2f9daf8e4c79d4336ad351ef945393c18e6e286b7a3f9aa29084a14e

SHA512
e689521a88456d534ed35472581553e74c6fde4347bbb3382f73941acf1aafbc0ea0252a618c3ef97adedc6fe4ef6817a6749c5414d446e080cce865d2d041bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
Filesize
184KB

MD5
b5f4fd26203f283608ef450202d8e8a0

SHA1
4da23a6197234ccc51dd38975f101ea924d4f5c6

SHA256
42a27e6f88692518dc19fb648c21b7269fc819f451564eb0ea60c6183a0528b6

SHA512
f3bf4b0aaa86b002590645b274cf9676b919ee54ad2d56ddaefe8a5870b543babc4de14ed1d56bee8b3366db20b1e449fef68467b37b593c1cdc8fdf30afcb50

Download Submit
memory/2980-745-0x00000000028D0000-0x0000000002A2C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads